I’m running R4.1, and I have a habit of running
sudo qubes-dom0-update almost daily. I’ve noticed that on most days there are updates for the fedora-32 that runs dom0, to the point where it’s becoming alarming, since my understanding is that dom0 shouldn’t be updated that often as it’s the bedrock of Qubes OS’ security and updating exposes it to bugs and vulnerabilities.
I have several questions:
Am I wrong with any of my assumptions?
Is this unique to R4.1 (I don’t remember R4.0.3 being this busy, but that’s probably because it runs on fedora-28 which is no longer maintained)
Is there anything that can be done to reduce the risk here? Is not updating dom0 worse than updating it?
As some established and knowledgeable members have noted, fedora is updated so frequently it can be considered unstable–is it wise to continue entrusting dom0 to fedora?